Pinterest Has Been Locking Accounts In Response To Hacks, May Not Know The Cause Of Security Breach

Pinterest has been temporarily locking accounts in response to hacks. It looks like the company doesn’t know the cause of the security breaches.

On July 16, Pinterest posted a “Locked Account Survey,” asking affected users to complete a survey to “assist our investigation.” The eleven-question survey is broad, covering a wide range of possible issues, from whether the user had experienced other security hacks to how they used Pinterest to what browser they used. That breadth suggests Pinterest doesn’t know what’s causing its hacks.

Pinterest posted five different notices between July 10 and 16 regarding hacks and locked accounts, with the last one being the survey. They have not posted since then.

Blogger Josh Davis has been following the issue closely on his site; Pinterest users have been sharing their hacked and locked-out tales in the comments of his July 7 post.

On July 10, Pinterest posted the note, “Help! Someone is accessing my account without my permission,” telling users to change their passwords. They continued:

“If changing your password does not solve the issue, change your password again and immediately deactivate your account. Please return to this support article in 1-2 weeks for additional instructions; we are working on a process that will enable users to reset their accounts.
Unfortunately, we are unable to restore any deleted boards or pins.”

In some cases, hacked users may lose all their pins and boards, which could be a crushing blow to those who’ve invested tons of time into the site.

On July 12, they published a guide, “Account Security: How to Protect Your Pins.” The guide told users to create a strong password, be cautious, protect their devices and keep them up to date. The guide did not detail the ongoing account hacks, merely writing at the top that “account security is a top priority at Pinterest.”

On July 13, Pinterest posted twice: first, “Help! I received a notification that my email/password changed or that there was a suspicious login.” Just a few hours later, they posted “Notice of Locked Account.” In the first note, Pinterest informed users that they may get emails from Pinterest about account activity (changing passwords or emails) that they don’t recognize; they told users to lock their account and inform Pinterest. Hours later, the second note told users, “When we detect unusual activity on an account, we temporarily lock it to protect its pins and prevent spam.”

Three days later, the company posted the survey to help their investigation. There has been no update since then.

We have not been able to find accurate data on how many users have been affected. Pinterest was not immediately available for comment.

Update: Pinterest responds …
Hi Billy,

Here is our statement, which can be attributed to a spokesperson.

Statement:
It’s important to us that all the content on Pinterest is authentic and people’s accounts are secure. That’s why we’re constantly monitoring for suspicious activity. When we detect unusual activity on an individual account, we lock it temporarily. Over the past several days, we’ve locked a number of accounts associated with a specific piece of spam. We are currently re-activating these accounts.

It’s difficult to identify how a given account may be compromised. However, we suspect this spam may be related to the recent leaks of credentials from other sites, which serves as an important reminder to have unique logins and passwords for all the sites you use. We also encourage everyone on Pinterest to review our account security guide to make sure their account and pins remain free of spam (https://support.pinterest.com/entries/21686711-account-security-how-to-protect-your-pins).